| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 267 */ | 267 */ |
| 268 status = sftk_FreeObject(object); | 268 status = sftk_FreeObject(object); |
| 269 | 269 |
| 270 return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR; | 270 return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR; |
| 271 } | 271 } |
| 272 | 272 |
| 273 | 273 |
| 274 /* | 274 /* |
| 275 ************** Crypto Functions: Utilities ************************ | 275 ************** Crypto Functions: Utilities ************************ |
| 276 */ | 276 */ |
| 277 | 277 /* |
| 278 * Utility function for converting PSS/OAEP parameter types into |
| 279 * HASH_HashTypes. Note: Only SHA family functions are defined in RFC 3447. |
| 280 */ |
| 281 static HASH_HashType |
| 282 GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) |
| 283 { |
| 284 switch (mech) { |
| 285 case CKM_SHA_1: |
| 286 case CKG_MGF1_SHA1: |
| 287 return HASH_AlgSHA1; |
| 288 case CKM_SHA224: |
| 289 case CKG_MGF1_SHA224: |
| 290 return HASH_AlgSHA224; |
| 291 case CKM_SHA256: |
| 292 case CKG_MGF1_SHA256: |
| 293 return HASH_AlgSHA256; |
| 294 case CKM_SHA384: |
| 295 case CKG_MGF1_SHA384: |
| 296 return HASH_AlgSHA384; |
| 297 case CKM_SHA512: |
| 298 case CKG_MGF1_SHA512: |
| 299 return HASH_AlgSHA512; |
| 300 default: |
| 301 return HASH_AlgNULL; |
| 302 } |
| 303 } |
| 278 | 304 |
| 279 /* | 305 /* |
| 280 * return a context based on the SFTKContext type. | 306 * return a context based on the SFTKContext type. |
| 281 */ | 307 */ |
| 282 SFTKSessionContext * | 308 SFTKSessionContext * |
| 283 sftk_ReturnContextByType(SFTKSession *session, SFTKContextType type) | 309 sftk_ReturnContextByType(SFTKSession *session, SFTKContextType type) |
| 284 { | 310 { |
| 285 switch (type) { | 311 switch (type) { |
| 286 case SFTK_ENCRYPT: | 312 case SFTK_ENCRYPT: |
| 287 case SFTK_DECRYPT: | 313 case SFTK_DECRYPT: |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 451 return NSS_AES_CTS; | 477 return NSS_AES_CTS; |
| 452 case CKM_AES_CTR: | 478 case CKM_AES_CTR: |
| 453 return NSS_AES_CTR; | 479 return NSS_AES_CTR; |
| 454 case CKM_AES_GCM: | 480 case CKM_AES_GCM: |
| 455 return NSS_AES_GCM; | 481 return NSS_AES_GCM; |
| 456 } | 482 } |
| 457 return -1; | 483 return -1; |
| 458 } | 484 } |
| 459 | 485 |
| 460 static SECStatus | 486 static SECStatus |
| 461 sftk_EncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, | 487 sftk_RSAEncryptRaw(NSSLOWKEYPublicKey *key, unsigned char *output, |
| 462 unsigned int *outputLen, unsigned int maxLen, | 488 unsigned int *outputLen, unsigned int maxLen, |
| 463 unsigned char *input, unsigned int inputLen) | 489 const unsigned char *input, unsigned int inputLen) |
| 464 { | 490 { |
| 465 return RSA_EncryptOAEP(info->params, info->key, output, outputLen, | 491 SECStatus rv = SECFailure; |
| 466 maxLen, input, inputLen); | 492 |
| 493 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 494 if (key->keyType != NSSLOWKEYRSAKey) { |
| 495 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 496 return SECFailure; |
| 497 } |
| 498 |
| 499 rv = RSA_EncryptRaw(&key->u.rsa, output, outputLen, maxLen, input, |
| 500 inputLen); |
| 501 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 502 sftk_fatalError = PR_TRUE; |
| 503 } |
| 504 |
| 505 return rv; |
| 467 } | 506 } |
| 468 | 507 |
| 469 static SECStatus | 508 static SECStatus |
| 470 sftk_DecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, | 509 sftk_RSADecryptRaw(NSSLOWKEYPrivateKey *key, unsigned char *output, |
| 471 unsigned int *outputLen, unsigned int maxLen, | 510 unsigned int *outputLen, unsigned int maxLen, |
| 472 unsigned char *input, unsigned int inputLen) | 511 const unsigned char *input, unsigned int inputLen) |
| 473 { | 512 { |
| 474 return RSA_DecryptOAEP(info->params, info->key, output, outputLen, | 513 SECStatus rv = SECFailure; |
| 475 maxLen, input, inputLen); | 514 |
| 515 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 516 if (key->keyType != NSSLOWKEYRSAKey) { |
| 517 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 518 return SECFailure; |
| 519 } |
| 520 |
| 521 rv = RSA_DecryptRaw(&key->u.rsa, output, outputLen, maxLen, input, |
| 522 inputLen); |
| 523 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 524 sftk_fatalError = PR_TRUE; |
| 525 } |
| 526 |
| 527 return rv; |
| 528 } |
| 529 |
| 530 static SECStatus |
| 531 sftk_RSAEncrypt(NSSLOWKEYPublicKey *key, unsigned char *output, |
| 532 unsigned int *outputLen, unsigned int maxLen, |
| 533 const unsigned char *input, unsigned int inputLen) |
| 534 { |
| 535 SECStatus rv = SECFailure; |
| 536 |
| 537 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 538 if (key->keyType != NSSLOWKEYRSAKey) { |
| 539 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 540 return SECFailure; |
| 541 } |
| 542 |
| 543 rv = RSA_EncryptBlock(&key->u.rsa, output, outputLen, maxLen, input, |
| 544 inputLen); |
| 545 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 546 sftk_fatalError = PR_TRUE; |
| 547 } |
| 548 |
| 549 return rv; |
| 550 } |
| 551 |
| 552 static SECStatus |
| 553 sftk_RSADecrypt(NSSLOWKEYPrivateKey *key, unsigned char *output, |
| 554 unsigned int *outputLen, unsigned int maxLen, |
| 555 const unsigned char *input, unsigned int inputLen) |
| 556 { |
| 557 SECStatus rv = SECFailure; |
| 558 |
| 559 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 560 if (key->keyType != NSSLOWKEYRSAKey) { |
| 561 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 562 return SECFailure; |
| 563 } |
| 564 |
| 565 rv = RSA_DecryptBlock(&key->u.rsa, output, outputLen, maxLen, input, |
| 566 inputLen); |
| 567 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 568 sftk_fatalError = PR_TRUE; |
| 569 } |
| 570 |
| 571 return rv; |
| 572 } |
| 573 |
| 574 static SECStatus |
| 575 sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, |
| 576 unsigned int *outputLen, unsigned int maxLen, |
| 577 const unsigned char *input, unsigned int inputLen) |
| 578 { |
| 579 HASH_HashType hashAlg; |
| 580 HASH_HashType maskHashAlg; |
| 581 |
| 582 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 583 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 584 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 585 return SECFailure; |
| 586 } |
| 587 |
| 588 hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); |
| 589 maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); |
| 590 |
| 591 if (info->params->source != CKZ_DATA_SPECIFIED) { |
| 592 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| 593 return SECFailure; |
| 594 } |
| 595 |
| 596 return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, |
| 597 (const unsigned char*)info->params->pSourceData, |
| 598 info->params->ulSourceDataLen, NULL, 0, |
| 599 output, outputLen, maxLen, input, inputLen); |
| 600 } |
| 601 |
| 602 static SECStatus |
| 603 sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, |
| 604 unsigned int *outputLen, unsigned int maxLen, |
| 605 const unsigned char *input, unsigned int inputLen) |
| 606 { |
| 607 SECStatus rv = SECFailure; |
| 608 HASH_HashType hashAlg; |
| 609 HASH_HashType maskHashAlg; |
| 610 |
| 611 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 612 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 613 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 614 return SECFailure; |
| 615 } |
| 616 |
| 617 hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); |
| 618 maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); |
| 619 |
| 620 if (info->params->source != CKZ_DATA_SPECIFIED) { |
| 621 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| 622 return SECFailure; |
| 623 } |
| 624 |
| 625 rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, |
| 626 (const unsigned char*)info->params->pSourceData, |
| 627 info->params->ulSourceDataLen, |
| 628 output, outputLen, maxLen, input, inputLen); |
| 629 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 630 sftk_fatalError = PR_TRUE; |
| 631 } |
| 632 return rv; |
| 476 } | 633 } |
| 477 | 634 |
| 478 static SFTKChaCha20Poly1305Info * | 635 static SFTKChaCha20Poly1305Info * |
| 479 sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, | 636 sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, |
| 480 unsigned int keyLen, | 637 unsigned int keyLen, |
| 481 const CK_NSS_AEAD_PARAMS* params) | 638 const CK_NSS_AEAD_PARAMS* params) |
| 482 { | 639 { |
| 483 SFTKChaCha20Poly1305Info *ctx; | 640 SFTKChaCha20Poly1305Info *ctx; |
| 484 | 641 |
| 485 if (params->ulIvLen != sizeof(ctx->nonce)) { | 642 if (params->ulIvLen != sizeof(ctx->nonce)) { |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 622 if (isEncrypt) { | 779 if (isEncrypt) { |
| 623 NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); | 780 NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); |
| 624 if (pubKey == NULL) { | 781 if (pubKey == NULL) { |
| 625 crv = CKR_KEY_HANDLE_INVALID; | 782 crv = CKR_KEY_HANDLE_INVALID; |
| 626 break; | 783 break; |
| 627 } | 784 } |
| 628 context->maxLen = nsslowkey_PublicModulusLen(pubKey); | 785 context->maxLen = nsslowkey_PublicModulusLen(pubKey); |
| 629 context->cipherInfo = (void *)pubKey; | 786 context->cipherInfo = (void *)pubKey; |
| 630 context->update = (SFTKCipher) | 787 context->update = (SFTKCipher) |
| 631 (pMechanism->mechanism == CKM_RSA_X_509 | 788 (pMechanism->mechanism == CKM_RSA_X_509 |
| 632 » » » » » ? RSA_EncryptRaw : RSA_EncryptBlock); | 789 » » » » » ? sftk_RSAEncryptRaw : sftk_RSAEncrypt); |
| 633 } else { | 790 } else { |
| 634 NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); | 791 NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); |
| 635 if (privKey == NULL) { | 792 if (privKey == NULL) { |
| 636 crv = CKR_KEY_HANDLE_INVALID; | 793 crv = CKR_KEY_HANDLE_INVALID; |
| 637 break; | 794 break; |
| 638 } | 795 } |
| 639 context->maxLen = nsslowkey_PrivateModulusLen(privKey); | 796 context->maxLen = nsslowkey_PrivateModulusLen(privKey); |
| 640 context->cipherInfo = (void *)privKey; | 797 context->cipherInfo = (void *)privKey; |
| 641 context->update = (SFTKCipher) | 798 context->update = (SFTKCipher) |
| 642 (pMechanism->mechanism == CKM_RSA_X_509 | 799 (pMechanism->mechanism == CKM_RSA_X_509 |
| 643 » » » » » ? RSA_DecryptRaw : RSA_DecryptBlock); | 800 » » » » » ? sftk_RSADecryptRaw : sftk_RSADecrypt); |
| 644 } | 801 } |
| 645 context->destroy = sftk_Null; | 802 context->destroy = sftk_Null; |
| 646 break; | 803 break; |
| 647 /* XXX: Disabled until unit tests land. | 804 /* XXX: Disabled until unit tests land. |
| 648 case CKM_RSA_PKCS_OAEP: | 805 case CKM_RSA_PKCS_OAEP: |
| 649 if (key_type != CKK_RSA) { | 806 if (key_type != CKK_RSA) { |
| 650 crv = CKR_KEY_TYPE_INCONSISTENT; | 807 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 651 break; | 808 break; |
| 652 } | 809 } |
| 653 context->multi = PR_FALSE; | 810 context->multi = PR_FALSE; |
| 654 context->rsa = PR_TRUE; | 811 context->rsa = PR_TRUE; |
| 655 if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { | 812 if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { |
| 656 crv = CKR_MECHANISM_PARAM_INVALID; | 813 crv = CKR_MECHANISM_PARAM_INVALID; |
| 657 break; | 814 break; |
| 658 } | 815 } |
| 659 /\* XXX: Need Parameter validation here *\/ | 816 /\* XXX: Need Parameter validation here *\/ |
| 660 if (isEncrypt) { | 817 if (isEncrypt) { |
| 661 SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); | 818 SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); |
| 662 if (info == NULL) { | 819 if (info == NULL) { |
| 663 crv = CKR_HOST_MEMORY; | 820 crv = CKR_HOST_MEMORY; |
| 664 break; | 821 break; |
| 665 } | 822 } |
| 666 info->params = pMechanism->pParameter; | 823 info->params = pMechanism->pParameter; |
| 667 info->key = sftk_GetPubKey(key, CKK_RSA, &crv); | 824 info->key = sftk_GetPubKey(key, CKK_RSA, &crv); |
| 668 if (info->key == NULL) { | 825 if (info->key == NULL) { |
| 669 PORT_Free(info); | 826 PORT_Free(info); |
| 670 crv = CKR_KEY_HANDLE_INVALID; | 827 crv = CKR_KEY_HANDLE_INVALID; |
| 671 break; | 828 break; |
| 672 } | 829 } |
| 673 » context->update = (SFTKCipher) sftk_EncryptOAEP; | 830 » context->update = (SFTKCipher) sftk_RSAEncryptOAEP; |
| 674 context->maxLen = nsslowkey_PublicModulusLen(info->key); | 831 context->maxLen = nsslowkey_PublicModulusLen(info->key); |
| 675 context->cipherInfo = info; | 832 context->cipherInfo = info; |
| 676 } else { | 833 } else { |
| 677 SFTKOAEPDecryptInfo *info = PORT_New(SFTKOAEPDecryptInfo); | 834 SFTKOAEPDecryptInfo *info = PORT_New(SFTKOAEPDecryptInfo); |
| 678 if (info == NULL) { | 835 if (info == NULL) { |
| 679 crv = CKR_HOST_MEMORY; | 836 crv = CKR_HOST_MEMORY; |
| 680 break; | 837 break; |
| 681 } | 838 } |
| 682 info->params = pMechanism->pParameter; | 839 info->params = pMechanism->pParameter; |
| 683 info->key = sftk_GetPrivKey(key, CKK_RSA, &crv); | 840 info->key = sftk_GetPrivKey(key, CKK_RSA, &crv); |
| 684 if (info->key == NULL) { | 841 if (info->key == NULL) { |
| 685 PORT_Free(info); | 842 PORT_Free(info); |
| 686 crv = CKR_KEY_HANDLE_INVALID; | 843 crv = CKR_KEY_HANDLE_INVALID; |
| 687 break; | 844 break; |
| 688 } | 845 } |
| 689 » context->update = (SFTKCipher) sftk_DecryptOAEP; | 846 » context->update = (SFTKCipher) sftk_RSADecryptOAEP; |
| 690 context->maxLen = nsslowkey_PrivateModulusLen(info->key); | 847 context->maxLen = nsslowkey_PrivateModulusLen(info->key); |
| 691 context->cipherInfo = info; | 848 context->cipherInfo = info; |
| 692 } | 849 } |
| 693 context->destroy = (SFTKDestroy) sftk_Space; | 850 context->destroy = (SFTKDestroy) sftk_Space; |
| 694 break; | 851 break; |
| 695 */ | 852 */ |
| 696 case CKM_RC2_CBC_PAD: | 853 case CKM_RC2_CBC_PAD: |
| 697 context->doPad = PR_TRUE; | 854 context->doPad = PR_TRUE; |
| 698 /* fall thru */ | 855 /* fall thru */ |
| 699 case CKM_RC2_ECB: | 856 case CKM_RC2_ECB: |
| (...skipping 584 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1284 | 1441 |
| 1285 /* make sure we're legal */ | 1442 /* make sure we're legal */ |
| 1286 crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,NULL); | 1443 crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,NULL); |
| 1287 if (crv != CKR_OK) return crv; | 1444 if (crv != CKR_OK) return crv; |
| 1288 | 1445 |
| 1289 /* this can only happen on an NSS programming error */ | 1446 /* this can only happen on an NSS programming error */ |
| 1290 PORT_Assert((context->padDataLength == 0) | 1447 PORT_Assert((context->padDataLength == 0) |
| 1291 || context->padDataLength == context->blockSize); | 1448 || context->padDataLength == context->blockSize); |
| 1292 | 1449 |
| 1293 | 1450 |
| 1451 if (context->doPad) { |
| 1452 /* Check the data length for block ciphers. If we are padding, |
| 1453 * then we must be using a block cipher. In the non-padding case |
| 1454 * the error will be returned by the underlying decryption |
| 1455 * function when we do the actual decrypt. We need to do the |
| 1456 * check here to avoid returning a negative length to the caller |
| 1457 * or reading before the beginning of the pEncryptedPart buffer. |
| 1458 */ |
| 1459 if ((ulEncryptedPartLen == 0) || |
| 1460 (ulEncryptedPartLen % context->blockSize) != 0) { |
| 1461 return CKR_ENCRYPTED_DATA_LEN_RANGE; |
| 1462 } |
| 1463 } |
| 1464 |
| 1294 if (!pPart) { | 1465 if (!pPart) { |
| 1295 if (context->doPad) { | 1466 if (context->doPad) { |
| 1296 /* we can check the data length here because if we are padding, | |
| 1297 * then we must be using a block cipher. In the non-padding case | |
| 1298 * the error will be returned by the underlying decryption | |
| 1299 * function when do do the actual decrypt. We need to do the | |
| 1300 * check here to avoid returning a negative length to the caller. | |
| 1301 */ | |
| 1302 if ((ulEncryptedPartLen == 0) || | |
| 1303 (ulEncryptedPartLen % context->blockSize) != 0) { | |
| 1304 return CKR_ENCRYPTED_DATA_LEN_RANGE; | |
| 1305 } | |
| 1306 *pulPartLen = | 1467 *pulPartLen = |
| 1307 ulEncryptedPartLen + context->padDataLength - context->blockSize
; | 1468 ulEncryptedPartLen + context->padDataLength - context->blockSize
; |
| 1308 return CKR_OK; | 1469 return CKR_OK; |
| 1309 } | 1470 } |
| 1310 /* for stream ciphers there is are no constraints on ulEncryptedPartLen. | 1471 /* for stream ciphers there is are no constraints on ulEncryptedPartLen. |
| 1311 * for block ciphers, it must be a multiple of blockSize. The error is | 1472 * for block ciphers, it must be a multiple of blockSize. The error is |
| 1312 * detected when this function is called again do decrypt the output. | 1473 * detected when this function is called again do decrypt the output. |
| 1313 */ | 1474 */ |
| 1314 *pulPartLen = ulEncryptedPartLen; | 1475 *pulPartLen = ulEncryptedPartLen; |
| 1315 return CKR_OK; | 1476 return CKR_OK; |
| (...skipping 683 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1999 if (crv != CKR_OK) return crv; | 2160 if (crv != CKR_OK) return crv; |
| 2000 context->blockSize = blockSize; | 2161 context->blockSize = blockSize; |
| 2001 context->macSize = mac_bytes; | 2162 context->macSize = mac_bytes; |
| 2002 return CKR_OK; | 2163 return CKR_OK; |
| 2003 } | 2164 } |
| 2004 | 2165 |
| 2005 /* | 2166 /* |
| 2006 * encode RSA PKCS #1 Signature data before signing... | 2167 * encode RSA PKCS #1 Signature data before signing... |
| 2007 */ | 2168 */ |
| 2008 static SECStatus | 2169 static SECStatus |
| 2009 sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, | 2170 sftk_RSAHashSign(SFTKHashSignInfo *info, unsigned char *sig, |
| 2010 » » unsigned int maxLen,unsigned char *hash, unsigned int hashLen) | 2171 unsigned int *sigLen, unsigned int maxLen, |
| 2172 const unsigned char *hash, unsigned int hashLen) |
| 2011 { | 2173 { |
| 2012 return RSA_HashSign(info->hashOid,info->key,sig,sigLen,maxLen, | 2174 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 2013 » » » » » » » hash,hashLen); | 2175 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 2176 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 2177 return SECFailure; |
| 2178 } |
| 2179 |
| 2180 return RSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen, |
| 2181 hash, hashLen); |
| 2014 } | 2182 } |
| 2015 | 2183 |
| 2016 /* XXX Old template; want to expunge it eventually. */ | 2184 /* XXX Old template; want to expunge it eventually. */ |
| 2017 static DERTemplate SECAlgorithmIDTemplate[] = { | 2185 static DERTemplate SECAlgorithmIDTemplate[] = { |
| 2018 { DER_SEQUENCE, | 2186 { DER_SEQUENCE, |
| 2019 0, NULL, sizeof(SECAlgorithmID) }, | 2187 0, NULL, sizeof(SECAlgorithmID) }, |
| 2020 { DER_OBJECT_ID, | 2188 { DER_OBJECT_ID, |
| 2021 offsetof(SECAlgorithmID,algorithm), }, | 2189 offsetof(SECAlgorithmID,algorithm), }, |
| 2022 { DER_OPTIONAL | DER_ANY, | 2190 { DER_OPTIONAL | DER_ANY, |
| 2023 offsetof(SECAlgorithmID,parameters), }, | 2191 offsetof(SECAlgorithmID,parameters), }, |
| 2024 { 0, } | 2192 { 0, } |
| 2025 }; | 2193 }; |
| 2026 | 2194 |
| 2027 /* | 2195 /* |
| 2028 * XXX OLD Template. Once all uses have been switched over to new one, | 2196 * XXX OLD Template. Once all uses have been switched over to new one, |
| 2029 * remove this. | 2197 * remove this. |
| 2030 */ | 2198 */ |
| 2031 static DERTemplate SGNDigestInfoTemplate[] = { | 2199 static DERTemplate SGNDigestInfoTemplate[] = { |
| 2032 { DER_SEQUENCE, | 2200 { DER_SEQUENCE, |
| 2033 0, NULL, sizeof(SGNDigestInfo) }, | 2201 0, NULL, sizeof(SGNDigestInfo) }, |
| 2034 { DER_INLINE, | 2202 { DER_INLINE, |
| 2035 offsetof(SGNDigestInfo,digestAlgorithm), | 2203 offsetof(SGNDigestInfo,digestAlgorithm), |
| 2036 SECAlgorithmIDTemplate, }, | 2204 SECAlgorithmIDTemplate, }, |
| 2037 { DER_OCTET_STRING, | 2205 { DER_OCTET_STRING, |
| 2038 offsetof(SGNDigestInfo,digest), }, | 2206 offsetof(SGNDigestInfo,digest), }, |
| 2039 { 0, } | 2207 { 0, } |
| 2040 }; | 2208 }; |
| 2041 | 2209 |
| 2210 /* |
| 2211 * encode RSA PKCS #1 Signature data before signing... |
| 2212 */ |
| 2042 SECStatus | 2213 SECStatus |
| 2043 RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, | 2214 RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, |
| 2044 » » unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, | 2215 unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, |
| 2045 » » unsigned char *hash, unsigned int hashLen) | 2216 const unsigned char *hash, unsigned int hashLen) |
| 2046 { | 2217 { |
| 2047 | |
| 2048 SECStatus rv = SECFailure; | 2218 SECStatus rv = SECFailure; |
| 2049 SECItem digder; | 2219 SECItem digder; |
| 2050 PLArenaPool *arena = NULL; | 2220 PLArenaPool *arena = NULL; |
| 2051 SGNDigestInfo *di = NULL; | 2221 SGNDigestInfo *di = NULL; |
| 2052 | 2222 |
| 2053 digder.data = NULL; | 2223 digder.data = NULL; |
| 2054 | 2224 |
| 2055 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 2225 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 2056 if ( !arena ) { goto loser; } | 2226 if (!arena) { |
| 2057 | 2227 goto loser; |
| 2228 } |
| 2229 |
| 2058 /* Construct digest info */ | 2230 /* Construct digest info */ |
| 2059 di = SGN_CreateDigestInfo(hashOid, hash, hashLen); | 2231 di = SGN_CreateDigestInfo(hashOid, hash, hashLen); |
| 2060 if (!di) { goto loser; } | 2232 if (!di) { |
| 2233 goto loser; |
| 2234 } |
| 2061 | 2235 |
| 2062 /* Der encode the digest as a DigestInfo */ | 2236 /* Der encode the digest as a DigestInfo */ |
| 2063 rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di); | 2237 rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di); |
| 2064 if (rv != SECSuccess) { | 2238 if (rv != SECSuccess) { |
| 2065 » goto loser; | 2239 goto loser; |
| 2066 } | 2240 } |
| 2067 | 2241 |
| 2068 /* | 2242 /* |
| 2069 ** Encrypt signature after constructing appropriate PKCS#1 signature | 2243 ** Encrypt signature after constructing appropriate PKCS#1 signature |
| 2070 ** block | 2244 ** block |
| 2071 */ | 2245 */ |
| 2072 rv = RSA_Sign(key,sig,sigLen,maxLen,digder.data,digder.len); | 2246 rv = RSA_Sign(&key->u.rsa, sig, sigLen, maxLen, digder.data, |
| 2247 digder.len); |
| 2248 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2249 sftk_fatalError = PR_TRUE; |
| 2250 } |
| 2073 | 2251 |
| 2074 loser: | 2252 loser: |
| 2075 SGN_DestroyDigestInfo(di); | 2253 SGN_DestroyDigestInfo(di); |
| 2076 if (arena != NULL) { | 2254 if (arena != NULL) { |
| 2077 » PORT_FreeArena(arena, PR_FALSE); | 2255 PORT_FreeArena(arena, PR_FALSE); |
| 2078 } | 2256 } |
| 2079 return rv; | 2257 return rv; |
| 2080 } | 2258 } |
| 2081 | 2259 |
| 2082 static SECStatus | 2260 static SECStatus |
| 2083 sftk_SignPSS(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, | 2261 sftk_RSASign(NSSLOWKEYPrivateKey *key, unsigned char *output, |
| 2084 » » unsigned int maxLen,unsigned char *hash, unsigned int hashLen) | 2262 unsigned int *outputLen, unsigned int maxOutputLen, |
| 2263 const unsigned char *input, unsigned int inputLen) |
| 2085 { | 2264 { |
| 2086 return RSA_SignPSS(info->params,info->key,sig,sigLen,maxLen, | 2265 SECStatus rv = SECFailure; |
| 2087 » » » » » » » hash,hashLen); | 2266 |
| 2267 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 2268 if (key->keyType != NSSLOWKEYRSAKey) { |
| 2269 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 2270 return SECFailure; |
| 2271 } |
| 2272 |
| 2273 rv = RSA_Sign(&key->u.rsa, output, outputLen, maxOutputLen, input, |
| 2274 inputLen); |
| 2275 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2276 sftk_fatalError = PR_TRUE; |
| 2277 } |
| 2278 return rv; |
| 2279 } |
| 2280 |
| 2281 static SECStatus |
| 2282 sftk_RSASignRaw(NSSLOWKEYPrivateKey *key, unsigned char *output, |
| 2283 unsigned int *outputLen, unsigned int maxOutputLen, |
| 2284 const unsigned char *input, unsigned int inputLen) |
| 2285 { |
| 2286 SECStatus rv = SECFailure; |
| 2287 |
| 2288 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 2289 if (key->keyType != NSSLOWKEYRSAKey) { |
| 2290 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 2291 return SECFailure; |
| 2292 } |
| 2293 |
| 2294 rv = RSA_SignRaw(&key->u.rsa, output, outputLen, maxOutputLen, input, |
| 2295 inputLen); |
| 2296 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2297 sftk_fatalError = PR_TRUE; |
| 2298 } |
| 2299 return rv; |
| 2300 |
| 2301 } |
| 2302 |
| 2303 static SECStatus |
| 2304 sftk_RSASignPSS(SFTKHashSignInfo *info, unsigned char *sig, |
| 2305 unsigned int *sigLen, unsigned int maxLen, |
| 2306 const unsigned char *hash, unsigned int hashLen) |
| 2307 { |
| 2308 SECStatus rv = SECFailure; |
| 2309 HASH_HashType hashAlg; |
| 2310 HASH_HashType maskHashAlg; |
| 2311 CK_RSA_PKCS_PSS_PARAMS *params = (CK_RSA_PKCS_PSS_PARAMS *)info->params; |
| 2312 |
| 2313 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 2314 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 2315 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 2316 return SECFailure; |
| 2317 } |
| 2318 |
| 2319 hashAlg = GetHashTypeFromMechanism(params->hashAlg); |
| 2320 maskHashAlg = GetHashTypeFromMechanism(params->mgf); |
| 2321 |
| 2322 rv = RSA_SignPSS(&info->key->u.rsa, hashAlg, maskHashAlg, NULL, |
| 2323 params->sLen, sig, sigLen, maxLen, hash, hashLen); |
| 2324 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2325 sftk_fatalError = PR_TRUE; |
| 2326 } |
| 2327 return rv; |
| 2088 } | 2328 } |
| 2089 | 2329 |
| 2090 static SECStatus | 2330 static SECStatus |
| 2091 nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, | 2331 nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, |
| 2092 void *dataBuf, unsigned int dataLen) | 2332 void *dataBuf, unsigned int dataLen) |
| 2093 { | 2333 { |
| 2094 SECItem signature, digest; | 2334 SECItem signature, digest; |
| 2095 NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx; | 2335 NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx; |
| 2096 | 2336 |
| 2097 signature.data = (unsigned char *)sigBuf; | 2337 signature.data = (unsigned char *)sigBuf; |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2208 return crv; | 2448 return crv; |
| 2209 } | 2449 } |
| 2210 | 2450 |
| 2211 context->multi = PR_FALSE; | 2451 context->multi = PR_FALSE; |
| 2212 | 2452 |
| 2213 #define INIT_RSA_SIGN_MECH(mmm) \ | 2453 #define INIT_RSA_SIGN_MECH(mmm) \ |
| 2214 case CKM_ ## mmm ## _RSA_PKCS: \ | 2454 case CKM_ ## mmm ## _RSA_PKCS: \ |
| 2215 context->multi = PR_TRUE; \ | 2455 context->multi = PR_TRUE; \ |
| 2216 crv = sftk_doSub ## mmm (context); \ | 2456 crv = sftk_doSub ## mmm (context); \ |
| 2217 if (crv != CKR_OK) break; \ | 2457 if (crv != CKR_OK) break; \ |
| 2218 » context->update = (SFTKCipher) sftk_HashSign; \ | 2458 » context->update = (SFTKCipher) sftk_RSAHashSign; \ |
| 2219 info = PORT_New(SFTKHashSignInfo); \ | 2459 info = PORT_New(SFTKHashSignInfo); \ |
| 2220 if (info == NULL) { crv = CKR_HOST_MEMORY; break; } \ | 2460 if (info == NULL) { crv = CKR_HOST_MEMORY; break; } \ |
| 2221 info->hashOid = SEC_OID_ ## mmm ; \ | 2461 info->hashOid = SEC_OID_ ## mmm ; \ |
| 2222 goto finish_rsa; | 2462 goto finish_rsa; |
| 2223 | 2463 |
| 2224 switch(pMechanism->mechanism) { | 2464 switch(pMechanism->mechanism) { |
| 2225 INIT_RSA_SIGN_MECH(MD5) | 2465 INIT_RSA_SIGN_MECH(MD5) |
| 2226 INIT_RSA_SIGN_MECH(MD2) | 2466 INIT_RSA_SIGN_MECH(MD2) |
| 2227 INIT_RSA_SIGN_MECH(SHA1) | 2467 INIT_RSA_SIGN_MECH(SHA1) |
| 2228 INIT_RSA_SIGN_MECH(SHA224) | 2468 INIT_RSA_SIGN_MECH(SHA224) |
| 2229 INIT_RSA_SIGN_MECH(SHA256) | 2469 INIT_RSA_SIGN_MECH(SHA256) |
| 2230 INIT_RSA_SIGN_MECH(SHA384) | 2470 INIT_RSA_SIGN_MECH(SHA384) |
| 2231 INIT_RSA_SIGN_MECH(SHA512) | 2471 INIT_RSA_SIGN_MECH(SHA512) |
| 2232 | 2472 |
| 2233 case CKM_RSA_PKCS: | 2473 case CKM_RSA_PKCS: |
| 2234 » context->update = (SFTKCipher) RSA_Sign; | 2474 » context->update = (SFTKCipher) sftk_RSASign; |
| 2235 goto finish_rsa; | 2475 goto finish_rsa; |
| 2236 case CKM_RSA_X_509: | 2476 case CKM_RSA_X_509: |
| 2237 » context->update = (SFTKCipher) RSA_SignRaw; | 2477 » context->update = (SFTKCipher) sftk_RSASignRaw; |
| 2238 finish_rsa: | 2478 finish_rsa: |
| 2239 if (key_type != CKK_RSA) { | 2479 if (key_type != CKK_RSA) { |
| 2240 crv = CKR_KEY_TYPE_INCONSISTENT; | 2480 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 2241 break; | 2481 break; |
| 2242 } | 2482 } |
| 2243 context->rsa = PR_TRUE; | 2483 context->rsa = PR_TRUE; |
| 2244 privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); | 2484 privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); |
| 2245 if (privKey == NULL) { | 2485 if (privKey == NULL) { |
| 2246 crv = CKR_KEY_TYPE_INCONSISTENT; | 2486 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 2247 break; | 2487 break; |
| (...skipping 28 matching lines...) Expand all Loading... |
| 2276 break; | 2516 break; |
| 2277 } | 2517 } |
| 2278 info->params = pMechanism->pParameter; | 2518 info->params = pMechanism->pParameter; |
| 2279 info->key = sftk_GetPrivKey(key,CKK_RSA,&crv); | 2519 info->key = sftk_GetPrivKey(key,CKK_RSA,&crv); |
| 2280 if (info->key == NULL) { | 2520 if (info->key == NULL) { |
| 2281 PORT_Free(info); | 2521 PORT_Free(info); |
| 2282 break; | 2522 break; |
| 2283 } | 2523 } |
| 2284 context->cipherInfo = info; | 2524 context->cipherInfo = info; |
| 2285 context->destroy = (SFTKDestroy) sftk_Space; | 2525 context->destroy = (SFTKDestroy) sftk_Space; |
| 2286 » context->update = (SFTKCipher) sftk_SignPSS; | 2526 » context->update = (SFTKCipher) sftk_RSASignPSS; |
| 2287 context->maxLen = nsslowkey_PrivateModulusLen(info->key); | 2527 context->maxLen = nsslowkey_PrivateModulusLen(info->key); |
| 2288 break; | 2528 break; |
| 2289 | 2529 |
| 2290 case CKM_DSA_SHA1: | 2530 case CKM_DSA_SHA1: |
| 2291 context->multi = PR_TRUE; | 2531 context->multi = PR_TRUE; |
| 2292 crv = sftk_doSubSHA1(context); | 2532 crv = sftk_doSubSHA1(context); |
| 2293 if (crv != CKR_OK) break; | 2533 if (crv != CKR_OK) break; |
| 2294 /* fall through */ | 2534 /* fall through */ |
| 2295 case CKM_DSA: | 2535 case CKM_DSA: |
| 2296 if (key_type != CKK_DSA) { | 2536 if (key_type != CKK_DSA) { |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2388 break; | 2628 break; |
| 2389 } | 2629 } |
| 2390 *intpointer = ctx->hash->length; | 2630 *intpointer = ctx->hash->length; |
| 2391 | 2631 |
| 2392 context->cipherInfo = intpointer; | 2632 context->cipherInfo = intpointer; |
| 2393 context->hashInfo = ctx; | 2633 context->hashInfo = ctx; |
| 2394 context->currentMech = pMechanism->mechanism; | 2634 context->currentMech = pMechanism->mechanism; |
| 2395 context->hashUpdate = sftk_HMACConstantTime_Update; | 2635 context->hashUpdate = sftk_HMACConstantTime_Update; |
| 2396 context->hashdestroy = sftk_MACConstantTime_DestroyContext; | 2636 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
| 2397 context->end = sftk_MACConstantTime_EndHash; | 2637 context->end = sftk_MACConstantTime_EndHash; |
| 2398 » context->update = sftk_SignCopy; | 2638 » context->update = (SFTKCipher) sftk_SignCopy; |
| 2399 context->destroy = sftk_Space; | 2639 context->destroy = sftk_Space; |
| 2400 context->maxLen = 64; | 2640 context->maxLen = 64; |
| 2401 context->multi = PR_TRUE; | 2641 context->multi = PR_TRUE; |
| 2402 break; | 2642 break; |
| 2403 } | 2643 } |
| 2404 | 2644 |
| 2405 case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { | 2645 case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { |
| 2406 sftk_MACConstantTimeCtx *ctx = | 2646 sftk_MACConstantTimeCtx *ctx = |
| 2407 sftk_SSLv3MACConstantTime_New(pMechanism,key); | 2647 sftk_SSLv3MACConstantTime_New(pMechanism,key); |
| 2408 CK_ULONG *intpointer; | 2648 CK_ULONG *intpointer; |
| 2409 | 2649 |
| 2410 if (ctx == NULL) { | 2650 if (ctx == NULL) { |
| 2411 crv = CKR_ARGUMENTS_BAD; | 2651 crv = CKR_ARGUMENTS_BAD; |
| 2412 break; | 2652 break; |
| 2413 } | 2653 } |
| 2414 intpointer = PORT_New(CK_ULONG); | 2654 intpointer = PORT_New(CK_ULONG); |
| 2415 if (intpointer == NULL) { | 2655 if (intpointer == NULL) { |
| 2416 crv = CKR_HOST_MEMORY; | 2656 crv = CKR_HOST_MEMORY; |
| 2417 break; | 2657 break; |
| 2418 } | 2658 } |
| 2419 *intpointer = ctx->hash->length; | 2659 *intpointer = ctx->hash->length; |
| 2420 | 2660 |
| 2421 context->cipherInfo = intpointer; | 2661 context->cipherInfo = intpointer; |
| 2422 context->hashInfo = ctx; | 2662 context->hashInfo = ctx; |
| 2423 context->currentMech = pMechanism->mechanism; | 2663 context->currentMech = pMechanism->mechanism; |
| 2424 context->hashUpdate = sftk_SSLv3MACConstantTime_Update; | 2664 context->hashUpdate = sftk_SSLv3MACConstantTime_Update; |
| 2425 context->hashdestroy = sftk_MACConstantTime_DestroyContext; | 2665 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
| 2426 context->end = sftk_MACConstantTime_EndHash; | 2666 context->end = sftk_MACConstantTime_EndHash; |
| 2427 » context->update = sftk_SignCopy; | 2667 » context->update = (SFTKCipher) sftk_SignCopy; |
| 2428 context->destroy = sftk_Space; | 2668 context->destroy = sftk_Space; |
| 2429 context->maxLen = 64; | 2669 context->maxLen = 64; |
| 2430 context->multi = PR_TRUE; | 2670 context->multi = PR_TRUE; |
| 2431 break; | 2671 break; |
| 2432 } | 2672 } |
| 2433 | 2673 |
| 2434 default: | 2674 default: |
| 2435 crv = CKR_MECHANISM_INVALID; | 2675 crv = CKR_MECHANISM_INVALID; |
| 2436 break; | 2676 break; |
| 2437 } | 2677 } |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2685 | 2925 |
| 2686 return NSC_Sign(hSession,pData,ulDataLen,pSignature,pulSignatureLen); | 2926 return NSC_Sign(hSession,pData,ulDataLen,pSignature,pulSignatureLen); |
| 2687 } | 2927 } |
| 2688 | 2928 |
| 2689 /* | 2929 /* |
| 2690 ************** Crypto Functions: verify ************************ | 2930 ************** Crypto Functions: verify ************************ |
| 2691 */ | 2931 */ |
| 2692 | 2932 |
| 2693 /* Handle RSA Signature formatting */ | 2933 /* Handle RSA Signature formatting */ |
| 2694 static SECStatus | 2934 static SECStatus |
| 2695 sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, | 2935 sftk_hashCheckSign(SFTKHashVerifyInfo *info, const unsigned char *sig, |
| 2696 » unsigned int sigLen, unsigned char *digest, unsigned int digestLen) | 2936 unsigned int sigLen, const unsigned char *digest, |
| 2937 unsigned int digestLen) |
| 2697 { | 2938 { |
| 2698 return RSA_HashCheckSign(info->hashOid, info->key, sig, sigLen, | 2939 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 2699 » » » » » » digest, digestLen); | 2940 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 2941 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 2942 return SECFailure; |
| 2943 } |
| 2944 |
| 2945 return RSA_HashCheckSign(info->hashOid, info->key, sig, sigLen, digest, |
| 2946 digestLen); |
| 2700 } | 2947 } |
| 2701 | 2948 |
| 2702 SECStatus | 2949 SECStatus |
| 2703 RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, | 2950 RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, |
| 2704 » unsigned char *sig, unsigned int sigLen, | 2951 const unsigned char *sig, unsigned int sigLen, |
| 2705 » unsigned char *digest, unsigned int digestLen) | 2952 const unsigned char *hash, unsigned int hashLen) |
| 2706 { | 2953 { |
| 2707 | |
| 2708 SECItem it; | 2954 SECItem it; |
| 2709 SGNDigestInfo *di = NULL; | 2955 SGNDigestInfo *di = NULL; |
| 2710 SECStatus rv = SECSuccess; | 2956 SECStatus rv = SECSuccess; |
| 2711 | 2957 |
| 2712 it.data = NULL; | 2958 it.data = NULL; |
| 2959 it.len = nsslowkey_PublicModulusLen(key); |
| 2960 if (!it.len) { |
| 2961 goto loser; |
| 2962 } |
| 2713 | 2963 |
| 2714 if (key == NULL) goto loser; | 2964 it.data = (unsigned char *)PORT_Alloc(it.len); |
| 2715 | 2965 if (it.data == NULL) { |
| 2716 it.len = nsslowkey_PublicModulusLen(key); | 2966 goto loser; |
| 2717 if (!it.len) goto loser; | 2967 } |
| 2718 | |
| 2719 it.data = (unsigned char *) PORT_Alloc(it.len); | |
| 2720 if (it.data == NULL) goto loser; | |
| 2721 | 2968 |
| 2722 /* decrypt the block */ | 2969 /* decrypt the block */ |
| 2723 rv = RSA_CheckSignRecover(key, it.data, &it.len, it.len, sig, sigLen); | 2970 rv = RSA_CheckSignRecover(&key->u.rsa, it.data, &it.len, it.len, sig, |
| 2724 if (rv != SECSuccess) goto loser; | 2971 sigLen); |
| 2972 if (rv != SECSuccess) { |
| 2973 goto loser; |
| 2974 } |
| 2725 | 2975 |
| 2726 di = SGN_DecodeDigestInfo(&it); | 2976 di = SGN_DecodeDigestInfo(&it); |
| 2727 if (di == NULL) goto loser; | 2977 if (di == NULL) { |
| 2728 if (di->digest.len != digestLen) goto loser; | 2978 goto loser; |
| 2979 } |
| 2980 if (di->digest.len != hashLen) { |
| 2981 goto loser; |
| 2982 } |
| 2729 | 2983 |
| 2730 /* make sure the tag is OK */ | 2984 /* make sure the tag is OK */ |
| 2731 if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { | 2985 if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { |
| 2732 » goto loser; | 2986 goto loser; |
| 2733 } | 2987 } |
| 2734 /* make sure the "parameters" are not too bogus. */ | 2988 /* make sure the "parameters" are not too bogus. */ |
| 2735 if (di->digestAlgorithm.parameters.len > 2) { | 2989 if (di->digestAlgorithm.parameters.len > 2) { |
| 2736 » goto loser; | 2990 goto loser; |
| 2737 } | 2991 } |
| 2738 /* Now check the signature */ | 2992 /* Now check the signature */ |
| 2739 if (PORT_Memcmp(digest, di->digest.data, di->digest.len) == 0) { | 2993 if (PORT_Memcmp(hash, di->digest.data, di->digest.len) == 0) { |
| 2740 » goto done; | 2994 goto done; |
| 2741 } | 2995 } |
| 2742 | 2996 |
| 2743 loser: | 2997 loser: |
| 2744 PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | 2998 PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| 2745 rv = SECFailure; | 2999 rv = SECFailure; |
| 2746 | 3000 |
| 2747 done: | 3001 done: |
| 2748 if (it.data != NULL) PORT_Free(it.data); | 3002 if (it.data != NULL) { |
| 2749 if (di != NULL) SGN_DestroyDigestInfo(di); | 3003 PORT_Free(it.data); |
| 2750 | 3004 } |
| 3005 if (di != NULL) { |
| 3006 SGN_DestroyDigestInfo(di); |
| 3007 } |
| 3008 |
| 2751 return rv; | 3009 return rv; |
| 2752 } | 3010 } |
| 2753 | 3011 |
| 2754 static SECStatus | 3012 static SECStatus |
| 2755 sftk_CheckSignPSS(SFTKHashVerifyInfo *info, unsigned char *sig, | 3013 sftk_RSACheckSign(NSSLOWKEYPublicKey *key, const unsigned char *sig, |
| 2756 » unsigned int sigLen, unsigned char *digest, unsigned int digestLen) | 3014 unsigned int sigLen, const unsigned char *digest, |
| 3015 unsigned int digestLen) |
| 2757 { | 3016 { |
| 2758 return RSA_CheckSignPSS(info->params, info->key, sig, sigLen, | 3017 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 2759 » » » » » » digest, digestLen); | 3018 if (key->keyType != NSSLOWKEYRSAKey) { |
| 3019 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 3020 return SECFailure; |
| 3021 } |
| 3022 |
| 3023 return RSA_CheckSign(&key->u.rsa, sig, sigLen, digest, digestLen); |
| 3024 } |
| 3025 |
| 3026 static SECStatus |
| 3027 sftk_RSACheckSignRaw(NSSLOWKEYPublicKey *key, const unsigned char *sig, |
| 3028 unsigned int sigLen, const unsigned char *digest, |
| 3029 unsigned int digestLen) |
| 3030 { |
| 3031 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 3032 if (key->keyType != NSSLOWKEYRSAKey) { |
| 3033 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 3034 return SECFailure; |
| 3035 } |
| 3036 |
| 3037 return RSA_CheckSignRaw(&key->u.rsa, sig, sigLen, digest, digestLen); |
| 3038 } |
| 3039 |
| 3040 static SECStatus |
| 3041 sftk_RSACheckSignPSS(SFTKHashVerifyInfo *info, const unsigned char *sig, |
| 3042 unsigned int sigLen, const unsigned char *digest, |
| 3043 unsigned int digestLen) |
| 3044 { |
| 3045 HASH_HashType hashAlg; |
| 3046 HASH_HashType maskHashAlg; |
| 3047 CK_RSA_PKCS_PSS_PARAMS *params = (CK_RSA_PKCS_PSS_PARAMS *)info->params; |
| 3048 |
| 3049 PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); |
| 3050 if (info->key->keyType != NSSLOWKEYRSAKey) { |
| 3051 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 3052 return SECFailure; |
| 3053 } |
| 3054 |
| 3055 hashAlg = GetHashTypeFromMechanism(params->hashAlg); |
| 3056 maskHashAlg = GetHashTypeFromMechanism(params->mgf); |
| 3057 |
| 3058 return RSA_CheckSignPSS(&info->key->u.rsa, hashAlg, maskHashAlg, |
| 3059 params->sLen, sig, sigLen, digest, digestLen); |
| 2760 } | 3060 } |
| 2761 | 3061 |
| 2762 /* NSC_VerifyInit initializes a verification operation, | 3062 /* NSC_VerifyInit initializes a verification operation, |
| 2763 * where the signature is an appendix to the data, | 3063 * where the signature is an appendix to the data, |
| 2764 * and plaintext cannot be recovered from the signature (e.g. DSA) */ | 3064 * and plaintext cannot be recovered from the signature (e.g. DSA) */ |
| 2765 CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, | 3065 CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, |
| 2766 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) | 3066 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) |
| 2767 { | 3067 { |
| 2768 SFTKSession *session; | 3068 SFTKSession *session; |
| 2769 SFTKObject *key; | 3069 SFTKObject *key; |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2804 switch(pMechanism->mechanism) { | 3104 switch(pMechanism->mechanism) { |
| 2805 INIT_RSA_VFY_MECH(MD5) | 3105 INIT_RSA_VFY_MECH(MD5) |
| 2806 INIT_RSA_VFY_MECH(MD2) | 3106 INIT_RSA_VFY_MECH(MD2) |
| 2807 INIT_RSA_VFY_MECH(SHA1) | 3107 INIT_RSA_VFY_MECH(SHA1) |
| 2808 INIT_RSA_VFY_MECH(SHA224) | 3108 INIT_RSA_VFY_MECH(SHA224) |
| 2809 INIT_RSA_VFY_MECH(SHA256) | 3109 INIT_RSA_VFY_MECH(SHA256) |
| 2810 INIT_RSA_VFY_MECH(SHA384) | 3110 INIT_RSA_VFY_MECH(SHA384) |
| 2811 INIT_RSA_VFY_MECH(SHA512) | 3111 INIT_RSA_VFY_MECH(SHA512) |
| 2812 | 3112 |
| 2813 case CKM_RSA_PKCS: | 3113 case CKM_RSA_PKCS: |
| 2814 » context->verify = (SFTKVerify) RSA_CheckSign; | 3114 » context->verify = (SFTKVerify) sftk_RSACheckSign; |
| 2815 goto finish_rsa; | 3115 goto finish_rsa; |
| 2816 case CKM_RSA_X_509: | 3116 case CKM_RSA_X_509: |
| 2817 » context->verify = (SFTKVerify) RSA_CheckSignRaw; | 3117 » context->verify = (SFTKVerify) sftk_RSACheckSignRaw; |
| 2818 finish_rsa: | 3118 finish_rsa: |
| 2819 if (key_type != CKK_RSA) { | 3119 if (key_type != CKK_RSA) { |
| 2820 if (info) PORT_Free(info); | 3120 if (info) PORT_Free(info); |
| 2821 crv = CKR_KEY_TYPE_INCONSISTENT; | 3121 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 2822 break; | 3122 break; |
| 2823 } | 3123 } |
| 2824 context->rsa = PR_TRUE; | 3124 context->rsa = PR_TRUE; |
| 2825 pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); | 3125 pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); |
| 2826 if (pubKey == NULL) { | 3126 if (pubKey == NULL) { |
| 2827 if (info) PORT_Free(info); | 3127 if (info) PORT_Free(info); |
| (...skipping 25 matching lines...) Expand all Loading... |
| 2853 break; | 3153 break; |
| 2854 } | 3154 } |
| 2855 info->params = pMechanism->pParameter; | 3155 info->params = pMechanism->pParameter; |
| 2856 info->key = sftk_GetPubKey(key,CKK_RSA,&crv); | 3156 info->key = sftk_GetPubKey(key,CKK_RSA,&crv); |
| 2857 if (info->key == NULL) { | 3157 if (info->key == NULL) { |
| 2858 PORT_Free(info); | 3158 PORT_Free(info); |
| 2859 break; | 3159 break; |
| 2860 } | 3160 } |
| 2861 context->cipherInfo = info; | 3161 context->cipherInfo = info; |
| 2862 context->destroy = (SFTKDestroy) sftk_Space; | 3162 context->destroy = (SFTKDestroy) sftk_Space; |
| 2863 » context->verify = (SFTKVerify) sftk_CheckSignPSS; | 3163 » context->verify = (SFTKVerify) sftk_RSACheckSignPSS; |
| 2864 break; | 3164 break; |
| 2865 case CKM_DSA_SHA1: | 3165 case CKM_DSA_SHA1: |
| 2866 context->multi = PR_TRUE; | 3166 context->multi = PR_TRUE; |
| 2867 crv = sftk_doSubSHA1(context); | 3167 crv = sftk_doSubSHA1(context); |
| 2868 if (crv != CKR_OK) break; | 3168 if (crv != CKR_OK) break; |
| 2869 /* fall through */ | 3169 /* fall through */ |
| 2870 case CKM_DSA: | 3170 case CKM_DSA: |
| 2871 if (key_type != CKK_DSA) { | 3171 if (key_type != CKK_DSA) { |
| 2872 crv = CKR_KEY_TYPE_INCONSISTENT; | 3172 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 2873 break; | 3173 break; |
| (...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3033 | 3333 |
| 3034 sftk_TerminateOp( session, SFTK_VERIFY, context ); | 3334 sftk_TerminateOp( session, SFTK_VERIFY, context ); |
| 3035 sftk_FreeSession(session); | 3335 sftk_FreeSession(session); |
| 3036 return crv; | 3336 return crv; |
| 3037 | 3337 |
| 3038 } | 3338 } |
| 3039 | 3339 |
| 3040 /* | 3340 /* |
| 3041 ************** Crypto Functions: Verify Recover ************************ | 3341 ************** Crypto Functions: Verify Recover ************************ |
| 3042 */ | 3342 */ |
| 3343 static SECStatus |
| 3344 sftk_RSACheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data, |
| 3345 unsigned int *dataLen, unsigned int maxDataLen, |
| 3346 const unsigned char *sig, unsigned int sigLen) |
| 3347 { |
| 3348 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 3349 if (key->keyType != NSSLOWKEYRSAKey) { |
| 3350 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 3351 return SECFailure; |
| 3352 } |
| 3353 |
| 3354 return RSA_CheckSignRecover(&key->u.rsa, data, dataLen, maxDataLen, |
| 3355 sig, sigLen); |
| 3356 } |
| 3357 |
| 3358 static SECStatus |
| 3359 sftk_RSACheckSignRecoverRaw(NSSLOWKEYPublicKey *key, unsigned char *data, |
| 3360 unsigned int *dataLen, unsigned int maxDataLen, |
| 3361 const unsigned char *sig, unsigned int sigLen) |
| 3362 { |
| 3363 PORT_Assert(key->keyType == NSSLOWKEYRSAKey); |
| 3364 if (key->keyType != NSSLOWKEYRSAKey) { |
| 3365 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 3366 return SECFailure; |
| 3367 } |
| 3368 |
| 3369 return RSA_CheckSignRecoverRaw(&key->u.rsa, data, dataLen, maxDataLen, |
| 3370 sig, sigLen); |
| 3371 } |
| 3043 | 3372 |
| 3044 /* NSC_VerifyRecoverInit initializes a signature verification operation, | 3373 /* NSC_VerifyRecoverInit initializes a signature verification operation, |
| 3045 * where the data is recovered from the signature. | 3374 * where the data is recovered from the signature. |
| 3046 * E.g. Decryption with the user's public key */ | 3375 * E.g. Decryption with the user's public key */ |
| 3047 CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, | 3376 CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, |
| 3048 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) | 3377 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) |
| 3049 { | 3378 { |
| 3050 SFTKSession *session; | 3379 SFTKSession *session; |
| 3051 SFTKObject *key; | 3380 SFTKObject *key; |
| 3052 SFTKSessionContext *context; | 3381 SFTKSessionContext *context; |
| (...skipping 22 matching lines...) Expand all Loading... |
| 3075 break; | 3404 break; |
| 3076 } | 3405 } |
| 3077 context->multi = PR_FALSE; | 3406 context->multi = PR_FALSE; |
| 3078 context->rsa = PR_TRUE; | 3407 context->rsa = PR_TRUE; |
| 3079 pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); | 3408 pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); |
| 3080 if (pubKey == NULL) { | 3409 if (pubKey == NULL) { |
| 3081 break; | 3410 break; |
| 3082 } | 3411 } |
| 3083 context->cipherInfo = pubKey; | 3412 context->cipherInfo = pubKey; |
| 3084 context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509 | 3413 context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509 |
| 3085 » » » ? RSA_CheckSignRecoverRaw : RSA_CheckSignRecover); | 3414 » » » ? sftk_RSACheckSignRecoverRaw : sftk_RSACheckSignRecover
); |
| 3086 context->destroy = sftk_Null; | 3415 context->destroy = sftk_Null; |
| 3087 break; | 3416 break; |
| 3088 default: | 3417 default: |
| 3089 crv = CKR_MECHANISM_INVALID; | 3418 crv = CKR_MECHANISM_INVALID; |
| 3090 break; | 3419 break; |
| 3091 } | 3420 } |
| 3092 | 3421 |
| 3093 if (crv != CKR_OK) { | 3422 if (crv != CKR_OK) { |
| 3094 PORT_Free(context); | 3423 PORT_Free(context); |
| 3095 sftk_FreeSession(session); | 3424 sftk_FreeSession(session); |
| (...skipping 3978 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7074 att = sftk_FindAttribute(key,CKA_VALUE); | 7403 att = sftk_FindAttribute(key,CKA_VALUE); |
| 7075 sftk_FreeObject(key); | 7404 sftk_FreeObject(key); |
| 7076 if (!att) { | 7405 if (!att) { |
| 7077 return CKR_KEY_HANDLE_INVALID; | 7406 return CKR_KEY_HANDLE_INVALID; |
| 7078 } | 7407 } |
| 7079 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7408 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 7080 att->attrib.ulValueLen); | 7409 att->attrib.ulValueLen); |
| 7081 sftk_FreeAttribute(att); | 7410 sftk_FreeAttribute(att); |
| 7082 return crv; | 7411 return crv; |
| 7083 } | 7412 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 105893015:
Update third_party/nss to NSS 3.15.4. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/